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DRAFT MBCRAHDOM FOR STANDING CSQUP TO ISSUE 

1. Regulations at present in force (DC 2/7 (Final) and STAND 474 as amended by 
8TASBCS 1508, 1935 and 1588) ensure that all COSMIC telegrams and all NATO 

TOP SECRET and SECRET telegrams are enciphered in cryptosystems authorized by the 
Standing Group . But all nations of NATO are also originating and transmitting in 
their own national cryptosystems a quantity of telegrams both civil and military 
which, although they are the private concern of the nation in question, must be 
expected to contain information which affects NATO as a whole and the loss of 
which to a non-NATO nation harms the security of NATO* 

2. Further STAND 474 allows NATO telegrams graded CONFIDENTIAL CR RESTRICTED 

to be encrypted in national system, and it is highly undesirable that information 
of such gradings should become available to nations outside NATO. 

3* The Standing Group therefore feels considerable concern at the potential danger 
to the security of NATO which may arise from the insecurity of the national communi- 
cations of individual nations: the insecurity of one can endanger the security of all. 

4. The Standing Group has had prepared a paper enumerating examples of cryptographic 
and ccamnmi cations practices and procedures which endanger security. This paper la 
attached at Appendix A. The Standing Groqp requests that each member nation examine 
this paper and take action to ensure that its awn communications are free from the 
practices and procedures mentioned therein. 

5. Further the Standing Group requests that each NATO oation will designate or 
establish a Communications Security Agency which shall be authorized to comaunlcate 
on communication security matters both civil and military direct with the Standing 
(koup Communications Security and Evaluation Agency Washington (SECAN) and with the 
European Security and Evaluation Agency (EUKEC). 

6. The Sta ndin g Group invites any member nation, which requires advice and technical 
assistance towards the improvement of the security of its national cryptographic and 
communications practices and procedures whether civil or military to apply through 
their Communications Security Agency direct to the Standing Group Communications 
Security and Evaluation Agency Washington . It may subsequently be found more con- 
venient for SECAN to arrange for discussions arising out of this first approach to 
be held with EUSEC. 
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LIST OF EXAMPLES OF DANGEROUS 
CRYPTOGRAPHIC AND COMMUNICATIONS 
HtACTICES AND PROCEDURES 
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I. UNENCIPHERED CODES. 

1. Unenciphered codes are totally inacceptable In diplomatic use for trans- 
mission of classified information. They are only acceptable for Armed Forces communi- 
cations vben it is not considered essential to maintain the security of the informa- 
tion for more than two or three days from the introduction of the code. It follows 
that such codes must be changed at very frequent Intervals. 

II. ADDITIVE SYSTEMS 

2. Any additive (or sub tractor or minuend) system is dangerous unless special 
precautions are taken in the construction of the additive Itself, {ferny procedures 

that may be regarded as "special precautions" are deceptive as to security and may 

EO 3.3(h)(2) 

even in themselves create weaknesses. pi_ 86-36/50 USC 3605 



5 . In general 3 polyalphabetic substitution systems whether actually additive 
in nature or not, are like additive systems and are subject to the same dangers. 

III. NGN -ADDITIVE HAND SYSTEMS 

6. There are many band systems of encipherment that do not employ additive. 

Very few of these can be guaranteed to be secure, even though they may be very 
complex, applying both substitution and transposition to code or plain language. 

IV. MACHINE SYSTEMS 

7* Machine ciphers vary greatly in the amount of security they afford. 

Failure to observe in every detail proper instructions for operation may lead to 
compromise even vith the best machines. Others, such as the veil-known Bagelin 
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‘Haryptoteknik” (see pera 8 below) ere insecure unless precautions are taken over and 
above those recomaended by the Manufacturer. Others, again, are basically insecure 
and should in no circuastances be used. 

8. Special attention is drawn to the dangers inherent in the use of the Bagelln 
"Crypto teknik” machines of the C •> series: 

a. Since the encipherment is essentially by additive, it follows that if a 
message setting is used more than once the key can be recovered on the overlap; 

a eiagle mistake by an operator using a message setting a second time can thus coogro* 
mlsei the machine setting. 

b. The additive generated by the machine is never truly random and there are 
circuastances in which this fact can be used to recover the machine setting, even 
though no message setting is repeated. 

c. With proper precautions this machine can give very good security for a 
limited amount of traffic, but in view of the maober of different dangers that can 
arise in varying conditions of use, for which it is impossible to legislate in 
advance, member nations who wish to make use of the "Crypto teknik" are especially 
urged to consult 6BCAH. 

V. TRAWCL381CI7 SECURITY. 

9. Ciphers, however good individually, are not enough to ensure coamuni cations 
security. Transmission techniques and message formats can in themselves provide 
considerable Intelligence to a traffic analyst. Although there are practical 
limitations, the ideal to be striven for is that tbs traffic neither of any type 
(e.g., naval, air force, etc.) nor of any nation should be distinguishable by 
external characteristics . Again, Intelligence can be gained by study of the 
organisation and procedure of radio networks and by use of radio direction-finding . 

In many cases, especially in Armed Forces communications, a skillful enemy can 
obtain valuable intelligence by collation of apparently uninformative message texts. 

It follows , therefore, that full communications security demands that special 
precautions be observed in such matters as the Judicious employment of indicators, 
the selection of call signs and of frequencies, radio procedures, and the re- 
striction of the use of plain language. 
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